AWS Cognito


Achieve a truly frictionless login experience with YooniK Single Sign-On (SSO). To log in with YooniK, you need a username and a selfie, and that’s it! No more passwords to worry about.

This guide details the steps required to set up YooniK as an external identity provider in your AWS Cognito user pool.

With this integration you can easily add a passwordless login option for all your AWS Cognito enabled apps using YooniK SSO.

Prerequisites

  1. An AWS account with a user pool created in AWS Cognito.
  2. Find your AWS Cognito domain name:
    1. Log in to AWS Cognito and go to your User Pool dashboard.
    2. Click on App integration > Domain name.
  3. Send an e-mail to support@yoonik.me requesting an SSO service account and provide your app name and AWS Cognito domain name. You will receive a unique identifier for the registered app and also a secret (Client ID and Client Secret). Make a note of these values; you will need them later.

Add the YooniK SSO Integration

To integrate YooniK SSO with AWS Cognito, go to your User Pool dashboard and follow the steps below.

  1. Click on Federation > Identity Providers.
  2. Click on OpenID Connect.
  3. Fill out the fields to add a new connection:
    • Provider Name - Set to “YooniK”.
    • Client ID - Client ID received from YooniK.
    • Client Secret - Client Secret received from YooniK.
    • Attributes request method - Keep the default value "GET".
    • Authorize scope - Enter “openid profile email”.
    • Issuer - Enter "https://accounts.yoonik.me".
  4. Click on Run discovery to make sure YooniK servers can be reached successfully.
  5. Click on Create provider.
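
As an added example (not part of YooniK's or AWS's own documentation), the Python below applies the kind of consistency checks step 4 implies to an OIDC discovery document, then expresses the form fields from step 3 as a Cognito CreateIdentityProvider request. The sample document, its placeholder endpoint paths, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ISSUER = "https://accounts.yoonik.me"   # Issuer value from this guide
SCOPES = "openid profile email"         # Authorize scope value from this guide

# Constructed sample discovery document. The "/placeholder/..." paths are NOT
# YooniK's real endpoints; the live document is served at
# ISSUER + "/.well-known/openid-configuration".
SAMPLE_DISCOVERY = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/placeholder/authorize",
    "token_endpoint": ISSUER + "/placeholder/token",
    "userinfo_endpoint": ISSUER + "/placeholder/userinfo",
    "jwks_uri": ISSUER + "/placeholder/jwks",
    "scopes_supported": ["openid", "profile", "email"],
}
# Endpoints this example checks: authorize, token, user attributes, signing keys.
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def check_discovery(doc, issuer=ISSUER, scopes=SCOPES):
    """Return a list of problems; an empty list means the metadata is consistent."""
    problems = []
    # OIDC Discovery requires the published issuer to equal the configured one exactly.
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for key in ENDPOINTS:
        url = urlsplit(str(doc.get(key) or ""))
        if url.scheme != "https" or not url.hostname:
            problems.append(f"{key} missing or not https")
    # scopes_supported is optional metadata, so only compare when it is published.
    supported = doc.get("scopes_supported")
    missing = [s for s in scopes.split() if s not in supported] if supported is not None else []
    if missing:
        problems.append(f"scopes not advertised: {missing}")
    return problems

def provider_request(user_pool_id, client_id, client_secret):
    """Keyword arguments for cognito-idp CreateIdentityProvider, mirroring step 3."""
    return {
        "UserPoolId": user_pool_id,
        "ProviderName": "YooniK",
        "ProviderType": "OIDC",
        "ProviderDetails": {
            "client_id": client_id, "client_secret": client_secret,
            "attributes_request_method": "GET",
            "authorize_scopes": SCOPES, "oidc_issuer": ISSUER,
        },
    }
```

The dictionary from `provider_request` can be passed as keyword arguments to boto3's `cognito-idp` client method `create_identity_provider`; read the Client Secret from a secret store rather than hard-coding it.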

Enable the YooniK SSO Connection

To use the YooniK SSO connection, you must first enable it for your AWS Cognito Apps:

  1. In your User Pool dashboard, click on App integration > App client settings.
  2. Check the YooniK box in the Enabled Identity Providers section.

Enroll users

Users can enroll with YooniK by signing up here using the same e-mail address as in their AWS Cognito login. This way, we can link both YooniK and AWS Cognito accounts with the user's e-mail.

After the e-mail is confirmed, it will be available through the OIDC email claim.

Troubleshooting

If you find any issues or need help with the setup, please contact us or join us at our Discord community.